EMPLOYEE NOTICE OF DATA PRIVACY POLICIES AND PROCEDURES

Transcription

1

2 ... 1 A. Ecolab s Commitment to Data Privacy... 3 B. Definitions... 3 C. Scope... 4 D. Data Privacy Principles... 4 E. Application of Local Law... 5 F. Human Resources Data Collected... 6 G. Purposes of Collecting Personal Data... 7 H. Disclosure of Personal Data... 8 I. Security and Data Integrity... 9 J. Data Access, Correction, and Processing Choice... 9 K. EU U.S. Privacy Shield L. Privacy Shield Dispute Resolution and Arbitration M.Changes to this Privacy Notice N. Liability O. Questions and Comments P. EU U.S. Privacy Shield Other Covered Entities Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 2

3 A. Ecolab s Commitment to Data Privacy The Notice set forth below outlines the Personal Data that Ecolab may collect, how Ecolab uses and safeguards that data, and with whom we may share it. This Notice is intended to provide notice to individuals regarding Personal Data in an effort to be compliant with the data privacy laws and regulations of the jurisdictions in which Ecolab operates as well as compliance with its own Data Privacy Compliance Manual. In particular, this Notice is intended to demonstrate Ecolab s compliance with the EU U.S. Privacy Shield Program and the U.S. Switzerland Safe Harbor Framework. B. Definitions Data Subject: the individual, business, or other entity about which Personal Data is collected. Personal Data: any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, or social identity. Personal Data is also commonly referred to as personal information or personally-identifiable information (PII). Processing of Personal Data ( processing ): any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. Sensitive Personal Data: Personal Data that, if lost, compromised, or disclosed, could result in substantial harm, embarrassment, inconvenience, or unfairness to a Data Subject. Third Party: any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the data. Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 3

4 C. Scope The Ecolab policies and procedures contained in this Notice apply throughout the Ecolab enterprise, including its wholly owned or controlled subsidiaries and affiliates. Unless otherwise required by a local jurisdiction or provided for in a subsequent or different notice, this Notice is intended to apply to all Ecolab employees in all operating units of Ecolab globally. Unless otherwise required by a local jurisdiction or provided for in a subsequent or different notice, this Notice applies to all the processing of Personal Data by the Ecolab organization, including its wholly owned subsidiaries, affiliates, and any third parties. D. Data Privacy Principles Ecolab is committed to the goal of adhering to the following Privacy Principles in all processing of Personal Data: Notice: Ecolab will notify individuals at the time of collection of data, or a reasonable time thereafter based on the laws and regulations of the relevant jurisdiction, the purposes for which it is collecting and using information about them. This notice shall include information about who can be contacted about inquiries or concerns, the type of third parties that the information may be disclosed to, and choices available for use and disclosure of that data. Choice: Ecolab provides all individuals the opportunity to opt out of information disclosure to a Third Party not provided in initial notice or use in a manner not provided in initial notice. If the information is considered Sensitive Personal Data as defined by the EU, Ecolab assumes the Data Subject has opted out of having such information disclosed to Third Parties, and a Data Subject must expressly opt in to consent to such disclosure. Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 4

5 Onward Transfer (Transfer to Third Parties): The Notice and Choice Principles defined in these principles shall be applied to all onward transfers of Personal Data. Ecolab will not transfer Personal Data to a Third Party without notice unless one of the following applies: 1. Ecolab can ensure the Third Party is in compliance with Privacy Shield Principles; 2. The Third Party is subject to the EU Data Protection Directive; or 3. The Third Party has certified via agreement that it provides a level of protection equivalent to the Privacy Shield Principles. Access: Ecolab shall provide Data Subjects access to their Personal Data and opportunity to correct, amend, or delete that Personal Data when inaccurate, except in certain circumstances allowed in Privacy Shield Principles. Security: Ecolab takes reasonable precautions to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, and destruction. Data Integrity: Ecolab only holds information relevant for the purpose for which it is to be used, as described in this Notice. Ecolab takes reasonable steps to ensure that information is reliable for its intended use, accurate, complete, or current. Enforcement: Ecolab provides recourse mechanisms to resolve individual concerns or disputes regarding Personal Data. Ecolab provides the procedures as outlined in this Notice for providing verification to individuals that the Privacy Shield Principles have been implemented. Ecolab is committed to providing a prompt remedy for any failure to comply with the Privacy Shield Principles, the laws or regulations of other jurisdictions, and/or its own privacy policies and procedures. E. Application of Local Law This Notice and the corresponding Data Privacy Compliance Manual is designed to set a uniform minimum standard for every Ecolab entity with respect to its protection of Ecolab Employees Personal Data. Ecolab recognizes that certain laws may impose additional requirements than those described in this Notice and the corresponding Data Privacy Compliance Manual. Ecolab will endeavor to collect and process Employees Personal Data in accordance with local law applicable at the location where such Employee Personal Data is collected and processed. Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 5

6 F. Human Resources Data Collected The types of human resources data Ecolab collects (directly from you or from public or third party information sources) and shares depends on the nature of your position and role within Ecolab and the requirements of applicable laws in a relevant jurisdiction. Examples of this information may include, among other things: contact information (e.g., name, home and business addresses, telephone, fax and pager numbers, addresses, emergency contact information) personal information (e.g., date of birth, marital status, birth place, nationality, race, gender, religion, preferred language); employment, performance, compensation, and benefits (e.g., hire date, adjusted service date, action/status codes, Ecolab identification number, job title, position/grade, attendance, department, business unit, supervisor, site, union, objectives, projects, performance reviews, performance and leadership ratings, salary, bonus, long term incentives, awards, retirement, family member/dependents names and dates of birth); education and training (e.g., education level, field and institution; competency assessments; professional licenses and certifications; training courses); social security number or other national identification number; passport number; driver s license number, vehicle license plate number; bank account information; corporate card number; employment history and letters of recommendation; work restrictions and accommodations; industrial hygiene exposure assessment and monitoring information; agreements that you enter into with Ecolab; computer or facilities access and authentication information; grievance resolutions; and photographs and other visual images of you. The examples provided are not all-inclusive, and Ecolab also may collect similar or related information. Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 6

7 Sensitive data: (e.g., data that reveal race, ethnic origin, religious or philosophical beliefs, health, sexual orientation, political opinions, or trade union membership) are collected only where allowed by law and are used and disclosed only to fulfill legal requirements unless employee provides consent for such collection or disclosure. Certain information collected is required to establish the employment relationship. You may inquire at the time of collection as to whether certain information is required or optional to establish the employment relationship. Further, where permissible and as described in Section J of this Notice, you may inquire about correction of deletion of any information initially provided. G. Purposes of Collecting Personal Data The collected personal information is processed for Ecolab s business purposes, including establishing, managing, or terminating your employment relationship with Ecolab. Such uses include: determining eligibility for initial employment, including the verification of references and qualifications; administering pay and benefits; processing employee work-related claims (e.g. worker compensation, insurance claims, etc.); establishing training and/or development requirements; conducting performance reviews and determining performance requirements; assessing qualifications for a particular job or task; gathering evidence for disciplinary action or termination; establishing a contact point in the event of an emergency (such as next of kin); complying with applicable labor or employment statutes; compiling directories; ensuring the security of company-held information; and such other purposes as are reasonably required by Ecolab. The uses provided are not all-inclusive, and Ecolab also may collect similar or related information consistent with laws and regulations of a particular jurisdiction, and subsequent notice provided or posted as consistent with applicable legal requirements. Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 7

8 H. Disclosure of Personal Data Ecolab may share your Personal Data with our employees, contractors, consultants, and other parties who require such information to assist us with establishing, managing, or terminating our employment relationship with you, including parties that (a) provide products or services to us or on our behalf or (b) collaborate with us in the provision of products or services to you. In some instances, such parties may also provide certain information technology and data processing services to us so that we may operate our business. We may share Personal Data with such parties both in and outside of your home jurisdiction, and, as a result, your Personal Data may be collected, used, processed, stored, or disclosed in jurisdictions outside of your home country. When Ecolab shares Personal Data with such parties, our policy is to require that they only use or disclose such Personal Data in a manner consistent with the use and disclosure provisions of this Notice and consistent with the laws and regulations of the jurisdiction where you live. In addition, Personal Data may be disclosed or transferred to another party (including Third Parties) in the event of a change in ownership of, or a grant of a security interest in, all or a part of Ecolab through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose your personal information in a manner consistent with the use and disclosure provisions of this Privacy Notice, unless you consent otherwise. Further, your Personal Data may be disclosed: as permitted or required by applicable law or regulatory requirements. In such a case, we will endeavor to not disclose more personal information than is required under the circumstances; to comply with valid legal processes such as search warrants, subpoenas, or court orders; as part of Ecolab s regular reporting activities to other parts of Ecolab s enterprise to protect the rights and property of Ecolab; during emergency situations or where necessary to protect the safety of a person or group of persons; where the personal information is publicly available; or Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 8

9 with your consent where such consent is required by law. To a limited extent Ecolab may need to collect Sensitive Personal Data, Ecolab will ensure that the Data Subject is informed of such collection and processing through notice provided at the outset of the employee s employment with Ecolab and at other times where required by law. Where required by law, the Data Subject s explicit consent to the processing and particularly to the transfer of such Sensitive Personal Data to Third Parties will be obtained. Appropriate security and protection measures will be provided depending on the nature of the information and the risks associated with the intended uses. I. Security and Data Integrity Ecolab will take reasonable precautions to protect Personal Data in its possession secure against the risk of loss, misuse, unauthorized access, disclosure, alteration and destruction. Ecolab periodically reviews its security measures in an effort to ensure the privacy of Personal Data. Ecolab will take reasonable precautions to ensure Personal Data is used only in ways that are compatible with the purposes for which the data was collected or subsequently authorized by the individual. While Ecolab will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current, Ecolab also relies upon you to assist in providing accurate updates of your Personal Data. J. Data Access, Correction, and Processing Choice Upon request, Ecolab will grant individuals reasonable access to Personal Data that it holds about them. In addition, Ecolab will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Ecolab will rely on you to assist in providing timely updates to Personal Data held by Ecolab you know to be incorrect. As required by the laws and regulations of the relevant jurisdiction, Ecolab will provide a Data Subject access to the following information related to the Data Subject s Personal Data: the purposes of any processing; the categories of Personal Data processed; Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 9

10 the recipients or categories of recipients to whom the Personal Data are to be or have been disclosed, in particular Third Parties; the period for which the Personal Data will be stored; the existence of the right to request from Ecolab rectification or erasure of Personal Data concerning the Data Subject or to object to the processing of such Personal Data; the right to lodge a complaint to the DP Coordinator or Privacy Officer and the contact details of the DP Coordinator and Privacy Officer; communication of the Personal Data undergoing processing and of any available information as to their source; the significance and envisaged consequences of such processing. Data Subjects can request access to correct, amend, or delete Personal Data by contacting the following: PHONE: dataprivacy@ecolab.com K. EU U.S. Privacy Shield Ecolab complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Ecolab has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit L. Privacy Shield Dispute Resolution and Arbitration The Federal Trade Commission has jurisdiction regarding investigation and enforcement of Ecolab s compliance with the Privacy Shield. In compliance with the Privacy Shield and Safe Harbor Principles, Ecolab commits to resolve complaints about our collection or use of your personal information. Employees in the EU or EEA with inquiries or complaints regarding Ecolab s privacy policy and Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 10

11 compliance with Privacy Shield should first contact their human resources manager or Ecolab s general data privacy contact at: PHONE: dataprivacy@ecolab.com In addition, Ecolab employees may submit a complaint to an independent recourse mechanism. Ecolab commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of the employment relationship. The following link may assist you in finding the appropriate DPA: Individuals located in the EU or EEA have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Information regarding arbitration can be found here: M. Changes to this Privacy Notice Ecolab reserves the right to modify this Notice from time to time in order that it accurately reflects the regulatory environment and our data collection principles. When material changes are made to this Notice, Ecolab will post the revised Privacy Statement on our website and provide employees subsequent notice where consistent with local laws or regulations. N. Liability If a third party service provider providing services on Ecolab s behalf processes personal data from the EU or EEA in a manner inconsistent with the Privacy Shield Principles, unless Ecolab can prove that we are not responsible for an event giving rise to damages claimed by any claimant or regulatory body, Ecolab will be liable to such claimant or regulatory body for such damages. Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 11

12 O. Questions and Comments If you have any other questions or comments about this Notice as applicable to your Personal Data, please contact: PHONE: P. EU U.S. Privacy Shield Other Covered Entities The following subsidiaries are also covered entities under the Privacy Shield listing of Ecolab Inc.: Calgon LLC E&M Bio-Chemicals, LLC Ecolab Inc. Ecolab Food Safety Specialties Inc. Ecolab USA Inc. Fresno Energy LLC Four State Hygiene, Inc GCS Service, Inc. Kay Chemical International Inc. Microtek Medical Inc. Nalco Cal Water LLC Nalco Company LLC Nalco Contract Operations, LLC Nalco Crossbow Water LLC Nalco Fab-Tech LLC Nalco Industrial Outsourcing Company Nalco Wastewater Contract Operations, Inc Nanospecialties, LLC Naperville Property L.P. Ones West Africa LLC Process Water One Quantum Technical Services, LLC Res-Kem General Water LLC RES-KEM LLC Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 12

13 Sanolite Corporation Service Michigan, LLC Service Tampa, LLC Swisher Hygiene Franchise Corp. Swisher Hygiene USA Operations, Inc. Swisher International, Inc. SWSH Arizona Mfg, Inc. SWSH Daley Mfg, Inc. SWSH Mount Hood Mfg, Inc. Two LLC Wabasha Leasing LLC Ecolab Data Privacy Compliance Manual» Rev. 9/2016» Issued by Legal Department» 13